← Back to Topics

Plaintext Password Storage

The cluster centers on concerns that a service or website stores user passwords in plaintext, with debates on security implications and recommendations to use salted hashes instead.

📉 Falling 0.3x Security
5,583
Comments
20
Years Active
5
Top Authors
#3982
Topic ID

Activity Over Time

2007
26
2008
70
2009
234
2010
221
2011
500
2012
539
2013
533
2014
387
2015
279
2016
332
2017
283
2018
332
2019
440
2020
321
2021
237
2022
287
2023
177
2024
228
2025
147
2026
10

Top Contributors

tptacek (78) dchest (12) ceejayoz (12) Someone1234 (12) tedunangst (12)

Keywords

e.g JSON XML HTTPS ID MD5 HTTP PIA PS CSV password passwords plain text plaintext plain text storing store database hashes

Sample Comments

jandrese Dec 22, 2025 View on HN

Which means that they're storing your password in plaintext somewhere.

wapz Feb 24, 2017 View on HN

What's the fear? Aren't all passwords encrypted on the server side?

shawabawa3 Aug 21, 2012 View on HN

Why would I bother making a secure password if it's stored in plaintext anyway?

Zakuzaa Jun 28, 2011 View on HN

Was your password in plaintext? Just to confirm what others have been saying.

kragen Sep 10, 2015 View on HN

It doesn't imply they're storing your password in plaintext, no.

geoduck14 Jan 25, 2023 View on HN

Yeah, and they didn't mention "storing your passwords in plain text"

cubicle67 Mar 21, 2009 View on HN

The assumption you're making here is that the passwords are not stored in plain text :P

aw3c2 Oct 21, 2010 View on HN

This usually hints at plain text storage of passwords, so: Please do not store passwords, store (salted) hashes instead.

coaxial Aug 5, 2014 View on HN

Plain text passwords are bad, don't send it in the email at all. I hope they are stored as hashes and not plaintext on the app's end.

phpnode Nov 19, 2013 View on HN

no, they definitely shouldn't, for the same reason they don't store the real passwords in plain text. it would be a terrible security hole.